struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nathan Pitts <jpi...@tahc.state.tx.us>
Subject Re: calling actions directly
Date Thu, 05 Jun 2003 15:18:24 GMT
I don't have experience with WebLogic (it's all opensource sw and no $$ 
around here), but I'll take your word for it.
-nathan

On Thursday, June 5, 2003, at 10:08 AM, Karr, David wrote:

> Unfortunately, not all web containers will support this.  There was
> apparent disagreement on the interpretation of the specification in 
> this
> area.  In particular, WebLogic does not support this.  I believe,
> however, that in version 8.1 it's possible to do this, although I
> believe you have to set some non-standard configuration flag.  I don't
> know the details.
>
> The alternative is to put all JSP pages into a security constraint on a
> role that no user is set to.
>
>> -----Original Message-----
>> From: Nathan Pitts [mailto:jpitts@tahc.state.tx.us]
>> Sent: Thursday, June 05, 2003 8:02 AM
>> To: Struts Users Mailing List
>> Subject: Re: calling actions directly
>>
>> Brian,
>>
>> If you put all your jsp's inside a the WEB-INF directory, they will
> not
>> be accessible directly -- only through an action.  I think this is
> part
>> of the jsp specification that nothing can be directly served out of
>> this special directory..Otherwise, a user could pull up configuration
>> files that reside there -- web.xml for example.....For example, I have
>> a directory structure containing jsp's under WEB-INF/jsp in my current
>> web application....Hope this helps!
>> --nathan
>>
>>
>> On Thursday, June 5, 2003, at 09:47 AM, Brian McSweeney wrote:
>>
>>> Ah yes,
>>>
>>>> Perhaps what you're thinking of is that JSP files should not be
> called
>>>> directly or bookmarked. They should be hidden from the user
>>>> completely,
>>> and
>>>> only accessible through an action.
>>>
>>> that was it - sorry - stupid of me.
>>> Could you tell me how to secure the jsps so that they are only a
>>> result of
>>> the action?
>>> cheers,
>>> Brian
>>>
>>>
>>> ----- Original Message -----
>>> From: "Kruse, Matt" <MKruse@aquent.com>
>>> To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
>>> Sent: Thursday, June 05, 2003 3:12 PM
>>> Subject: RE: calling actions directly
>>>
>>>
>>>>> I read that one of the things about struts is the actions are
>>>>> only able to be called from the pages directly. Ie, you
>>>>> shouldn't be able to bookmark the actions themselves like:
>>>>> http://myhost/myaction.do
>>>>
>>>> Where did you hear this? That's totally not true - any action can
> be
>>> called
>>>> directly as long as it has a mapping. It's just a URL. Otherwise,
> how
>>> would
>>>> you enter the first action? :)
>>>>
>>>> Perhaps what you're thinking of is that JSP files should not be
> called
>>>> directly or bookmarked. They should be hidden from the user
>>>> completely,
>>> and
>>>> only accessible through an action.
>>>>
>>>> Matt Kruse
>>>>
>>>>
>>>
>>>
>>>
> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>>>
>>>
>>
>>
>>
>> =============================
>> Nathan Pitts
>> Programmer Analyst
>> Texas Animal Health Commission
>> =============================
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>



=============================
Nathan Pitts
Programmer Analyst
Texas Animal Health Commission
=============================


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message